Springboot整合Shiro的代码实例
这篇文章主要介绍了Springboot整合Shiro的代码实例,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下
1、导入依赖
org.apache.shiro shiro-spring 1.4.0
2、创建ShiroRealm.java文件
(这里按照需求,只做登录认证这块)
packagecom.hyqfx.manager.shiro;
importcom.baomidou.mybatisplus.mapper.EntityWrapper;
importcom.hyqfx.manager.entity.po.SystemAdmin;
importcom.hyqfx.manager.service.ISystemAdminService;
importorg.apache.shiro.authc.*;
importorg.apache.shiro.authz.AuthorizationInfo;
importorg.apache.shiro.realm.AuthorizingRealm;
importorg.apache.shiro.subject.PrincipalCollection;
importorg.springframework.beans.factory.annotation.Autowired;
publicclassShiroRealmextendsAuthorizingRealm{
@Autowired
privateISystemAdminServiceadminService;
//授权
@Override
protectedAuthorizationInfodoGetAuthorizationInfo(PrincipalCollectionprincipalCollection){
/*
//获取登录用户名
Stringname=(String)principalCollection.getPrimaryPrincipal();
//查询用户名称
Useruser=loginService.findByName(name);
//添加角色和权限
SimpleAuthorizationInfosimpleAuthorizationInfo=newSimpleAuthorizationInfo();
for(Rolerole:user.getRoles()){
//添加角色
simpleAuthorizationInfo.addRole(role.getRoleName());
for(Permissionpermission:role.getPermissions()){
//添加权限
simpleAuthorizationInfo.addStringPermission(permission.getPermission());
}
}
returnsimpleAuthorizationInfo;*/
returnnull;
}
//认证
@Override
protectedAuthenticationInfodoGetAuthenticationInfo(AuthenticationTokenauthenticationToken)throwsAuthenticationException{
//加这一步的目的是在Post请求的时候会先进认证,然后在到请求
if(authenticationToken.getPrincipal()==null){
returnnull;
}
//获取用户信息
Stringname=authenticationToken.getPrincipal().toString();
SystemAdminadmin=adminService.selectOne(newEntityWrapper().eq("username",name));
if(admin==null){
returnnull;
}else{
//这里验证authenticationToken和simpleAuthenticationInfo的信息
SimpleAuthenticationInfosimpleAuthenticationInfo=newSimpleAuthenticationInfo(name,admin.getPassword().toString(),getName());
returnsimpleAuthenticationInfo;
}
}
}
3、创建ShiroConfiguration.java文件
packagecom.becl.config;
importcom.becl.shiro.PasswordMatcher;
importcom.becl.shiro.ShiroRealm;
importorg.apache.shiro.mgt.SecurityManager;
importorg.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
importorg.apache.shiro.spring.web.ShiroFilterFactoryBean;
importorg.apache.shiro.web.mgt.DefaultWebSecurityManager;
importorg.springframework.context.annotation.Bean;
importorg.springframework.context.annotation.Configuration;
importjava.util.HashMap;
importjava.util.Map;
@Configuration
publicclassShiroConfiguration{
//将自己的验证方式加入容器
@Bean
publicShiroRealmmyShiroRealm(){
ShiroRealmmyShiroRealm=newShiroRealm();
myShiroRealm.setCredentialsMatcher(passwordMatcher());//装配自定义的密码验证方式
returnmyShiroRealm;
}
//配置加密方式
//配置了一下,这货就是验证不过,,改成手动验证算了,以后换加密方式也方便
@Bean
publicPasswordMatcherpasswordMatcher(){
returnnewPasswordMatcher();
}
//权限管理,配置主要是Realm的管理认证
@Bean
publicSecurityManagersecurityManager(){
DefaultWebSecurityManagersecurityManager=newDefaultWebSecurityManager();
securityManager.setRealm(myShiroRealm());
returnsecurityManager;
}
//Filter工厂,设置对应的过滤条件和跳转条件
@Bean
publicShiroFilterFactoryBeanshiroFilterFactoryBean(SecurityManagersecurityManager){
ShiroFilterFactoryBeanshiroFilterFactoryBean=newShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
Mapmap=newHashMap();
//登出
map.put("/logout","logout");
//不需要认证
map.put("/logout","anon");
map.put("/login*","anon");
map.put("/shiroError","anon");
//对所有用户认证
map.put("/**","authc");
//map.put("/**","anon");
//登录
shiroFilterFactoryBean.setLoginUrl("/login");
//首页
shiroFilterFactoryBean.setSuccessUrl("/index");
//错误页面,认证不通过跳转
shiroFilterFactoryBean.setUnauthorizedUrl("/shiroError");
shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
returnshiroFilterFactoryBean;
}
//加入注解的使用,不加入这个注解不生效
@Bean
publicAuthorizationAttributeSourceAdvisorauthorizationAttributeSourceAdvisor(SecurityManagersecurityManager){
AuthorizationAttributeSourceAdvisorauthorizationAttributeSourceAdvisor=newAuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
returnauthorizationAttributeSourceAdvisor;
}
}
4、自定义Shiro的密码比较器
packagecom.becl.shiro;
importorg.apache.shiro.authc.AuthenticationInfo;
importorg.apache.shiro.authc.AuthenticationToken;
importorg.apache.shiro.authc.UsernamePasswordToken;
importorg.apache.shiro.authc.credential.SimpleCredentialsMatcher;
importorg.mindrot.jbcrypt.BCrypt;
/**
*自定义密码比较器
*/
publicclassPasswordMatcherextendsSimpleCredentialsMatcher{
@Override
publicbooleandoCredentialsMatch(AuthenticationTokentoken,AuthenticationInfoinfo){
UsernamePasswordTokenutoken=(UsernamePasswordToken)token;
//获得用户输入的密码:(可以采用加盐(salt)的方式去检验)
StringinPassword=newString(utoken.getPassword());
Stringusername=utoken.getUsername();
//获得数据库中的密码
StringdbPassword=(String)info.getCredentials();
//进行密码的比对
booleanflag=BCrypt.checkpw(inPassword,dbPassword);
returnflag;
}
}
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持毛票票。
声明:本文内容来源于网络,版权归原作者所有,内容由互联网用户自发贡献自行上传,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任。如果您发现有涉嫌版权的内容,欢迎发送邮件至:czq8825#qq.com(发邮件时,请将#更换为@)进行举报,并提供相关证据,一经查实,本站将立刻删除涉嫌侵权内容。